SQLRecon – A C# MS SQL Toolkit Designed For Offensive Reconnaissance And Post-Exploitation

A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation. For detailed usage information on each technique, refer to the wiki. Usage You can grab a copy of SQLRecon from the releases page. Alternatively, feel free to compile the solution yourself This should be as straight forward as cloning the repo, double clicking the solutionRead More

Xolo – Tool To Crawl, Visualize And Interact With SQL Server Links In A D3 Graph

Author: ET Lownoise Version: 1.0 Tool to crawl, visualize and interact with SQL server links in a d3 graph to help in your red/blue/purple/…/risk assessments pentest hacking team exercises. Requirements: Requests==2.18.4Flask==0.12.2JsonPypyodbcbeautifulsoup4==4.6.0lxml==4.1.0Example: pip install pypyodbc python -m pip install pypyodbc Install/Run: – Download- Decompress – Put it in directory- Run it c:xolo>python main.py … * RunningRead More

SQLbit – Just Another Script For Automatize Boolean-Based Blind SQL Injections

A script for automatize boolean-based blind SQL injections. Works with SQLite at least, supports using cookies. It uses bitwise comparisons with multithreading to find cell values instead of binary search, which is more efficient. It’s able to: Search cell values by columns in a table Search characters count in a cells by columns in aRead More

Cloudquery – Transforms Your Cloud Infrastructure Into SQL Database For Easy Monitoring, Governance And Security

CloudQuery transforms your cloud infrastructure into queryable SQL for easy monitoring, governance and security. What is CloudQuery and why use it? CloudQuery pulls, normalize, expose and monitor your cloud infrastructure and SaaS apps as SQL database. This abstracts various scattered APIs enabling you to define security, governance, cost and compliance policies with SQL. CloudQuery canRead More

Libinjection – SQL / SQLI Tokenizer Parser Analyzer

SQL / SQLI tokenizer parser analyzer. For C and C++ PHP Python Lua Java (external port) [LuaJIT/FFI] (https://github.com/p0pr0ck5/lua-ffi-libinjection) (external port) See https://www.client9.com/ for details and presentations. Simple example: fingerprint of ‘%s’n”, state.fingerprint); } return issqli; } “> #include <stdio.h>#include <strings.h>#include <errno.h>#include “libinjection.h”#include “libinjection_sqli.h”int main(int argc, const char* argv[]){ struct libinjection_sqli_state state; int issqli; const char*Read More

Fawkes – Tool To Search For Targets Vulnerable To SQL Injection (Performs The Search Using Google Search Engine)

Fawkes is a tool to search for targets vulnerable to SQL Injection. Performs the search using Google search engine. Options -q, –query – Dork that will be used in the search engine. -r, –results – Number of results brought by the search engine. -s, –start-page – Home page of search results. -t, –timeout – TimeoutRead More

SQLMap v1.4.9 – Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from theRead More

MSSQLi-DUET – SQL Injection Script For MSSQL That Extracts Domain Users From An Active Directory Environment Based On RID Bruteforcing

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing. Supports various forms of WAF bypass techniques through the implementation of SQLmap tamper functions. Additional tamper functions can be incorporated by the user depending on the situation and environment.Comes in two flavors: straight-up Python script for terminalRead More

Mssqlproxy – A Toolkit Aimed To Perform Lateral Movement In Restricted Environments Through A Compromised Microsoft SQL Server Via Socket Reuse

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse. The client requires impacket and sysadmin privileges on the SQL server. Please read this article carefully before continuing.It consists of three parts: CLR assembly: Compile assembly.cs Core DLL: Compile reciclador.sln Client: mssqlclient.py (based onRead More